I have an Exchange 2013 server on-prem with a second server running as a DAG server. This is also a hybrid O365 deployment. I started getting a warning that one of the wildcard certs we purchased was about to expire, so I found another one and installed it on both servers. Since I've never done this before, I thought I'd test it on the DAG server first. When I went to reassign the SMTP service, I received an error that said "the certificate will not be used for external TLS connections with a FQDN of "dag server" because the ca signed cert "thumbprint" takes precedence."
I googled this and got varying answers, but if this is what happens on the DAG, I'm now a little frightened to try switching this out on the primary Exchange server.
I can't seem to find anyone who has actually changed out certificates on an Exchange server like this, or when they do it on YouTube or whatever, they don't get any errors.
Has anyone ever loaded another cert and reapplied it to the SMTP service? I really don't want to bring down this thing.